SOLVED

How to prevent XSS attack on childlist selector in AEM?

I'm having an issue blocking XSS attacks on the childlist selector:

I've tried adding several things in dispatcher.any and httpd.conf to block the URL or redirect it somewhere else, but nothing works.

This issue remains:

In the response header, the Content-Type is text/html.

Any ideas how to deal with this?
1 Accepted Solution

Correct answer by
Community Advisor

Hi @XiaoyuLi 

You can try this filter:

{
   /type "deny"
   /path "/etc/designs/xh1x"
   /selectors "childrenlist"
   /extension "json"
   /method "GET"
}

There are these new elements in filters, /path, /selectors, /extension, and /suffix, which can be used to further control the behaviour.

Thanks,

Lokesh 
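
How a rule like the one in the answer decides a request, as an added example that is not part of the original post and not Adobe's code: a simplified Python model that splits a URL into path, selectors, extension and suffix and lets the last matching rule win. The split logic, the default verdict, the first two entries of `RULES` and the sample URLs are assumptions constructed for illustration.

```python
import fnmatch
from urllib.parse import urlsplit

# Constructed rule set: only the last entry is the filter from the answer;
# the two rules before it are assumed context so rule ordering is visible.
RULES = [
    {"type": "deny", "path": "*"},
    {"type": "allow", "path": "/etc/designs/*"},
    {"type": "deny", "path": "/etc/designs/xh1x", "selectors": "childrenlist",
     "extension": "json", "method": "GET"},
]

def decompose(url):
    """Split a URL into path / selectors / extension / suffix.

    Simplified assumption: the path ends at the first '.', the suffix starts
    at the next '/', and the last dot-separated token is the extension."""
    path = urlsplit(url).path
    head, dot, rest = path.partition(".")
    if not dot:
        return {"path": path, "selectors": "", "extension": "", "suffix": ""}
    names, slash, suffix = rest.partition("/")
    tokens = names.split(".")
    return {"path": head, "selectors": ".".join(tokens[:-1]),
            "extension": tokens[-1], "suffix": slash + suffix}

def decide(method, url, rules=RULES):
    """Return 'allow' or 'deny'; the last rule whose fields all match wins."""
    parts = dict(decompose(url), method=method)
    verdict = "deny"  # assumption: nothing matched means blocked
    for rule in rules:
        fields = {k: v for k, v in rule.items() if k != "type"}
        if all(fnmatch.fnmatchcase(parts[k], v) for k, v in fields.items()):
            verdict = rule["type"]
    return verdict

if __name__ == "__main__":
    for url in ("/etc/designs/xh1x.childrenlist.json",         # covered by the rule
                "/etc/designs/xh1x.childrenlist.json/a.html",  # rule does not test suffix
                "/etc/designs/xh1x.childrenlist.html",         # different extension
                "/etc/designs/xh1x.json"):                     # no selector
        print(decide("GET", url), url)
```

A request the deny rule does not match keeps the verdict of whichever earlier rule matched it, so compare every extension and method the selector responds to against the real filter section.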
